Pests of all kinds and how to fight them: DHL virus or Trojan probably caught (Windows 7). If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
03.06.2015, 14:53 | #31
/// TB-Ausbilder
04.06.2015, 18:57 | #32
Hello Matthias,

I did everything as described, i.e. downloaded non-stop as per the instructions and selected Ubuntu in the selection. That was about 1050 MB. Let Alessandro run through. Then plugged the USB stick into my PC and set the BIOS to boot from the USB stick. The following error message came up:

BusyBox v1.21.1 (Ubuntu 1:1.21.0-1ubuntu1) built-in shell (ash)
Enter 'help' for a list of built-in commands.
(initramfs) Unable to find a medium containing a live file system

And at the very top it said:

[31.108008] ata6: COMRESET failed (errno=-16)

I then went into help. Same error code. The PC does not start even though Ubuntu is loaded, but I can't get any further...
04.06.2015, 19:35 | #33
/// TB-Ausbilder
Hi,

Can you get into repair mode? Restart Windows and press F8 repeatedly. You will get to a menu that includes Safe Mode, among other things. This time, however, choose "Repair your computer". Enter your user name and password. Now select Startup Repair and follow the instructions. The computer has to be restarted afterwards.
05.06.2015, 20:58 | #34
Hello Matthias,

There was an error message on startup; I'll write down what it said:

Startup Repair cannot repair this computer automatically.
Details:
Problem Event Name: StartupRepairV2
Problem Signature 01: Syst.-Disk
Problem Signature 02: 6.06001.18000.0.0.0
Problem Signature 03: 0
Problem Signature 04: 65537
Problem Signature 05: unknown
Problem Signature 06: MissingBootManager
Problem Signature 07: 0
Problem Signature 08: 2
Problem Signature 09: WrpRepair
Problem Signature 10: 21
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1031
05.06.2015, 21:10 | #35
/// TB-Ausbilder
Hi,

Start Windows in repair mode again and open the command prompt this time. Type the following commands into the command line one after the other, pressing Enter after each:

Code:
BootRec /fixmbr
BootRec /fixboot

Restart the computer and report back.
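BootRec /fixmbr writes fresh boot code into the first 440 bytes of sector 0 and leaves the partition table behind it untouched; /fixboot writes a new boot sector to the system partition. The following is an added example, written for this page and not taken from the thread or from Microsoft's tooling: it parses a raw MBR into the form FRST prints under "MBR & Partition Table", runs the checks a responder wants before and after such a rewrite (exactly one active partition, no overlapping entries, boot code matching a baseline hash), and models which bytes /fixmbr replaces. The sample sector, the placeholder boot code and the baseline hash are constructed for the example; the disk ID and partition layout are modelled on the Disk 0 listing in the FRST log posted further down. In practice the baseline would come from a known-good disk or install medium, and the sector would be read from an image, not from the live system under investigation.

```python
"""Added example: read an MBR the way FRST's "MBR & Partition Table" section
reports it, sanity-check the partition table, and show which bytes a fresh
boot-code write (what BootRec /fixmbr does) replaces and which it keeps.

MBR layout (byte offsets within sector 0):
  0..439    boot code (the region /fixmbr rewrites)
  440..443  disk signature, little-endian (FRST prints it as "Disk ID")
  444..445  reserved
  446..509  four 16-byte partition entries
  510..511  0x55AA boot signature
"""
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440
PT_OFFSET = 446
# Entry: status, CHS start (3 bytes, ignored), type, CHS end (3, ignored),
# first LBA, sector count; all little-endian.
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(mbr: bytes) -> dict:
    """Return disk ID, a hash of the boot code and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("0x55AA boot signature missing")
    disk_id = struct.unpack_from("<I", mbr, 440)[0]
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PT_OFFSET + 16 * slot)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba": lba,
            "sectors": count,
            "size_gb": round(count * SECTOR / 2**30, 1),  # FRST rounds to one decimal
        })
    return {
        "disk_id": f"{disk_id:08X}",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(info: dict, baseline_sha256: Optional[str] = None) -> List[str]:
    """Findings worth reviewing before and after touching the MBR."""
    findings = []
    active = [p["slot"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba"] < a["lba"] + a["sectors"]:
            findings.append(f"partition {a['slot']} overlaps partition {b['slot']}")
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def simulate_fixmbr(mbr: bytes, fresh_boot_code: bytes) -> bytes:
    """Model of BootRec /fixmbr: replace the 440 code bytes, keep signature and table."""
    if len(fresh_boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be 440 bytes")
    return fresh_boot_code + mbr[BOOT_CODE_LEN:]


def build_sample_mbr(boot_code: Optional[bytes] = None) -> bytes:
    """Constructed sample modelled on Disk 0 in the FRST log; not a real disk image."""
    if boot_code is None:
        # Placeholder: not real Windows MBR code, just 440 recognisable bytes.
        boot_code = b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)
    entries = [
        (0x00, 0x27, 2_048, 20_480_000),         # hidden recovery partition, ~9.8 GB
        (0x80, 0x07, 20_482_048, 615_000_000),   # active NTFS system partition, ~293.3 GB
        (0x00, 0x07, 635_482_048, 614_600_000),  # NTFS data partition, ~293.1 GB
        (0x00, 0x00, 0, 0),                      # empty slot
    ]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return boot_code + struct.pack("<I", 0x4CD01D16) + b"\x00\x00" + table + b"\x55\xaa"


if __name__ == "__main__":
    original = build_sample_mbr()
    info = parse_mbr(original)
    print(f"Disk ID: {info['disk_id']}")
    for p in info["partitions"]:
        state = "Active" if p["active"] else "Not Active"
        print(f"Partition {p['slot']}: ({state}) - (Size={p['size_gb']} GB) - (Type={p['type']:02X})")
    after_fix = simulate_fixmbr(original, b"\x33\xc0" + b"\x00" * (BOOT_CODE_LEN - 2))
    print("partition table unchanged:", after_fix[BOOT_CODE_LEN:] == original[BOOT_CODE_LEN:])
    print("findings after rewrite:", check_mbr(parse_mbr(after_fix), info["boot_code_sha256"]))
```

The sector counts in the constructed sample are chosen so that the rounded sizes come out as the 9.8, 293.3 and 293.1 GB FRST prints. The baseline-hash finding after the simulated rewrite is expected: it is the same signal a bootkit check raises, so take the baseline before running /fixmbr if you want to keep a record of what the code region looked like.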
06.06.2015, 06:39 | #36
Hello Matthias,

After entering the commands, Windows checks for memory problems. Then an automatic restart followed. A black screen with a movable mouse pointer appears. After about 10 to 15 minutes a message box came up:

Logon.scr - Application Error
The application failed to initialize properly (0xc0000135). Click OK to terminate the application.
06.06.2015, 11:32 | #37
/// TB-Ausbilder
Hi,

Start Windows in repair mode again and open the command prompt. Type the following command into the command line and press Enter:

Quote:

If that doesn't help either, start in repair mode again > Startup Repair. Run it several times (at least 3 times). If that still doesn't help, try a System Restore and a Windows Memory Diagnostic from repair mode.
07.06.2015, 07:31 | #38
Hello Matthias,

With the Bootrec command it said the scan was completed successfully and zero directories were found. But no change after the restart. I then carried on as you said. During the check, a message said the check for memory problems could not be carried out because of a problem during system startup, and that I should run the tool manually... System Restore didn't work either, with the message that the Windows installation to be restored must be specified. No change when booting, still the familiar message about Logon.scr.
07.06.2015, 08:58 | #39
/// TB-Ausbilder
Hi,

Run FRST in repair mode: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part).
07.06.2015, 14:59 | #40
With the Windows DVD command prompt and the notepad command, only a white window with no content opens. If I select the USB stick directly as the start device in the boot menu, "error loading operating system" comes up. In the repair function no drives other than C and D open. Also, I don't get to the "American Megatrends" screen described in the guide, although I have seen it a few times before.
09.06.2015, 09:01 | #41
I was just being too clumsy. I have now redone everything calmly and step by step and am posting the result of the FRST scan:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by SYSTEM on MININT-5SO7D58 on 09-06-2015 09:24:38
Running from i:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-11] (Realtek Semiconductor)
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [PCTools FGuard] => C:\Program Files\PC Tools Security\BDT\FGuard.exe [108496 2010-09-24] (Threat Expert Ltd.)
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [318464 2008-01-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] => C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] => C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\sandraundjörg\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\sandraundjörg\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\sandraundjörg\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\sandraundjörg\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\sandraundjörg\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(N~1.SCR [187392 2006-10-19] ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink)
S2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 Browser Defender Update Service; C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [235472 2010-09-24] (Threat Expert Ltd.)
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [498096 2010-05-02] (REINER SCT)
S2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-03-04] (Egis Incorporated)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
S3 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1145304 2010-09-29] (PC Tools)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [244040 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [53192 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296200 2013-08-09] (SafeNet Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-01] (AVM Berlin)
S1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28208 2010-02-08] (REINER SCT)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [926080 2010-10-01] (AVM GmbH)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
S0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
S0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 cqnkcwly; \??\C:\Windows\system32\drivers\cqnkcwly.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 10:36 - 2015-06-05 10:36 - 00000000 ____D C:\Temp
2015-05-27 10:43 - 2015-05-27 10:43 - 00000000 ____D C:\Users\sandraundjörg\AVM_Driver(657)
2015-05-27 02:03 - 2015-05-27 02:03 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\DriverCure
2015-05-26 09:11 - 2015-05-26 09:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-05-25 10:19 - 2015-05-25 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-25 10:17 - 2015-05-25 11:17 - 00000000 ____D C:\Users\sandraundjörg\Desktop\mbar
2015-05-24 19:25 - 2015-05-24 19:25 - 00000601 _____ C:\Users\sandraundjörg\Desktop\aswMBR.txt
2015-05-23 20:09 - 2015-05-23 20:10 - 00000000 ___SD C:\ComboFix
2015-05-23 19:26 - 2015-05-23 20:06 - 00000000 ____D C:\Qoobox
2015-05-23 17:26 - 2015-05-23 20:09 - 00000000 ___SD C:\32788R22FWJFW
2015-05-22 14:16 - 2015-06-09 09:24 - 00000000 ____D C:\FRST
2015-05-21 13:09 - 2015-05-21 13:09 - 00000000 ____D C:\ProgramData\Emsisoft
2015-05-21 12:59 - 2015-05-23 07:42 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-05-21 12:12 - 2015-05-25 10:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-19 08:47 - 2015-05-28 09:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 08:47 - 2015-05-19 08:47 - 00000000 ____D C:\Program Files\Mozilla Firefox(274)
2015-05-14 02:22 - 2015-04-30 17:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-05-14 02:17 - 2015-04-19 22:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2015-05-14 02:17 - 2015-04-19 22:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2015-05-14 02:17 - 2015-04-19 22:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2015-05-14 02:17 - 2015-04-19 22:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2015-05-14 02:17 - 2015-04-19 21:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-05-14 02:17 - 2015-04-19 21:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2015-05-14 02:17 - 2015-04-19 21:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2015-05-14 02:17 - 2015-04-19 21:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-05-14 02:17 - 2015-04-19 21:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-05-14 02:17 - 2015-04-19 05:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-05-14 02:16 - 2015-04-30 14:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 02:03 - 2015-04-11 00:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2015-05-13 08:58 - 2015-04-10 15:06 - 01214976 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-05-13 08:58 - 2015-04-10 15:06 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-05-13 08:58 - 2015-04-10 15:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-05-13 08:58 - 2015-04-10 15:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2015-05-13 08:58 - 2015-04-10 15:05 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2015-05-13 08:58 - 2015-04-10 15:04 - 06007808 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-05-13 08:58 - 2015-04-10 15:04 - 00630784 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2015-05-13 08:58 - 2015-04-10 15:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-05-13 08:58 - 2015-04-10 15:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-05-13 08:58 - 2015-04-10 15:04 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 11084800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 02006016 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-05-13 08:58 - 2015-04-10 15:03 - 00727552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2015-05-13 08:58 - 2015-04-10 15:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-05-13 08:58 - 2015-04-10 15:02 - 00348160 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-05-13 08:58 - 2015-04-10 15:02 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-05-13 08:58 - 2015-04-10 15:02 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2015-05-13 08:58 - 2015-04-10 07:45 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-05-13 08:58 - 2015-04-10 06:01 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-05-13 08:58 - 2015-04-10 06:01 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-05-13 08:58 - 2015-04-10 05:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2015-05-13 08:58 - 2015-04-10 05:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 08:06 - 2010-10-17 13:17 - 02009041 _____ C:\Windows\WindowsUpdate.log
2015-06-09 07:53 - 2008-01-21 08:16 - 01566088 _____ C:\Windows\System32\PerfStringBackup.INI
2015-06-09 07:46 - 2010-11-13 10:53 - 00000000 ____D C:\ProgramData\TEMP
2015-06-09 07:46 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 07:46 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 07:45 - 2008-01-21 03:47 - 10438502 _____ C:\Windows\PFRO.log
2015-06-06 05:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\LogFiles
2015-05-28 14:35 - 2013-12-05 17:50 - 00000000 ____D C:\Program Files\StarMoney 9.0
2015-05-28 09:33 - 2011-12-27 10:00 - 00000000 ____D C:\Program Files\RegClean Pro
2015-05-28 09:31 - 2013-08-03 10:36 - 00000000 ____D C:\Windows\AVM_Driver
2015-05-28 09:31 - 2010-10-17 14:20 - 00000000 ____D C:\users\sandraundjörg
2015-05-28 09:31 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media
2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2015-05-28 09:31 - 2006-11-02 11:22 - 57147392 _____ C:\Windows\System32\config\software_previous
2015-05-28 09:31 - 2006-11-02 11:22 - 41680896 _____ C:\Windows\System32\config\components_previous
2015-05-28 09:31 - 2006-11-02 11:22 - 181927936 _____ C:\Windows\System32\config\system_previous
2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\security_previous
2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\sam_previous
2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\default_previous
2015-05-28 09:30 - 2014-09-27 09:02 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\wolllottes landhof
2015-05-28 09:30 - 2014-07-02 08:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-28 09:30 - 2014-05-28 10:36 - 00000000 ____D C:\Users\sandraundjörg\Downloads\USB-Massenspeichergerät 8afe585d7ea8f76c3493e6ab9e30bc64
2015-05-28 09:30 - 2014-05-28 10:17 - 00000000 ____D C:\Users\sandraundjörg\Downloads\NVIDIA nForce RAID Controller 127f0242f81f9db1db277494d760daa9
2015-05-28 09:30 - 2014-01-14 19:45 - 00000000 ____D C:\Users\sandraundjörg\{d17a6dc5-6f6b-43ab-8001-415173969a3f}
2015-05-28 09:30 - 2014-01-08 13:06 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\Wolllotte
2015-05-28 09:30 - 2013-08-03 10:37 - 00000000 ____D C:\Program Files\avmwlanstick
2015-05-28 09:30 - 2013-08-03 10:36 - 00000000 ____D C:\Users\sandraundjörg\AVM_Driver
2015-05-28 09:30 - 2012-11-01 10:16 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\CorelDRAW Graphics Suite X4
2015-05-28 09:30 - 2012-01-22 11:26 - 00000000 ____D C:\Users\sandraundjörg\Desktop\EBOOKS
2015-05-28 09:30 - 2012-01-19 19:46 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\FinalMediaPlayer
2015-05-28 09:30 - 2012-01-19 19:46 - 00000000 ____D C:\Program Files\File Type Assistant
2015-05-28 09:30 - 2012-01-19 19:44 - 00000000 ____D C:\Program Files\Free Offers from Freeze.com
2015-05-28 09:30 - 2011-12-27 10:00 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\Systweak
2015-05-28 09:30 - 2011-12-27 07:32 - 00000000 ____D C:\Users\sandraundjörg\Desktop\Musik
2015-05-28 09:30 - 2011-08-30 05:54 - 00000000 ____D C:\Program Files\iLivid
2015-05-28 09:30 - 2011-04-06 09:09 - 00000000 ____D C:\Users\sandraundjörg\Desktop\Jörg
2015-05-28 09:30 - 2010-12-18 17:49 - 00000000 ____D C:\Users\sandraundjörg\AppData\Local\Babylon
2015-05-28 09:30 - 2010-12-03 13:05 - 00000000 ____D C:\Users\sandraundjörg\Downloads\German_v1.4.1
2015-05-28 09:30 - 2010-10-17 18:18 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\LOGOPÄDIE
2015-05-28 09:30 - 2008-03-21 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-28 09:30 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-28 09:29 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2015-05-28 09:02 - 2014-04-28 05:16 - 00000680 _____ C:\Users\sandraundjörg\AppData\Local\d3d9caps.dat
2015-05-27 10:43 - 2013-08-03 10:37 - 00016886 _____ C:\Windows\AVMInstall.Log
2015-05-27 09:37 - 2013-08-03 10:37 - 00074116 _____ C:\Windows\avmacc.log
2015-05-27 09:37 - 2013-08-03 10:37 - 00005779 _____ C:\Windows\avmsetup.log
2015-05-27 09:37 - 2013-08-03 10:37 - 00000467 _____ C:\Windows\avmadd32.log
2015-05-26 09:17 - 2010-10-17 14:21 - 00099664 _____ C:\Users\sandraundjörg\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-22 08:50 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-22 07:25 - 2013-08-16 07:22 - 00000000 ____D C:\Windows\System32\MRT
2015-05-21 12:03 - 2015-04-25 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox(332)
2015-05-19 15:43 - 2006-11-02 13:52 - 00139752 _____ C:\Windows\setupact.log
2015-05-19 14:01 - 2015-04-28 14:01 - 00001374 _____ C:\Users\sandraundjörg\Desktop\Registry kostenlos entrümpeln!.lnk
2015-05-19 11:25 - 2014-01-13 20:38 - 00000439 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2015-05-18 11:56 - 2010-10-27 10:55 - 00035428 _____ C:\Users\sandraundjörg\AppData\Roaming\wklnhst.dat
2015-05-14 02:46 - 2006-11-02 13:47 - 00370056 _____ C:\Windows\System32\FNTCACHE.DAT
2015-05-14 02:39 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2015-05-14 02:23 - 2010-11-13 11:02 - 02836924 _____ C:\Windows\System32\Drivers\Cat.DB
2015-05-14 02:08 - 2006-11-02 11:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2015-05-11 13:32 - 2012-01-22 12:01 - 00000000 ____D C:\Users\sandraundjörg\Documents\My Digital Editions

Some files in TEMP:
====================
C:\Users\sandraundjörg\AppData\Local\Temp\avgnt.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2015-05-14 02:03] - [2015-04-11 00:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.23 MB
Available physical RAM: 3408.14 MB
Total Pagefile: 4093.51 MB
Available Pagefile: 3419.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.99 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:293.33 GB) (Free:225.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (53_01_59) (Fixed) (Total:186.27 GB) (Free:63.15 GB) NTFS
Drive e: (DATA) (Fixed) (Total:293.08 GB) (Free:292.89 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.03 GB) NTFS
Drive g: (Reparaturdatenträger Windows 7 3) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive h: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:927.68 GB) NTFS
Drive i: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4CD01D16)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=293.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 186.3 GB) (Disk ID: 29A5351E)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 728699B6)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=960 MB) - (Type=06)

LastRegBack: 2015-06-09 08:01

==================== End of log ============================
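Reading a log like this by eye is slow. The added example below is my own code for this page, not part of the thread and not an FRST feature: it does a first-pass triage of the Services and Drivers sections. Each "S<n> name; path [size date] (publisher)" line is parsed and scored on cheap heuristics: file not on disk (FRST prints [X]), random-looking all-lowercase name, empty publisher, boot/system start type, and a "\??\" device path. The weights and the threshold are my assumptions, and the sample lines are a subset copied from the log above. A score is a reason to look closer, not a verdict: stale [X] entries such as NwlnkFlt are routine on an old Vista install, which is why a missing file on its own stays below the threshold.

```python
"""Added example: first-pass triage of the Services/Drivers sections of an FRST
log. Each "S<n> name; path [size date] (publisher)" line is parsed and scored
on cheap heuristics. A score ranks entries for a human to look at; it is not
a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches both forms FRST prints:
#   S1 cqnkcwly; \??\C:\Windows\system32\drivers\cqnkcwly.sys [X]
#   S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira ...)
ENTRY_RE = re.compile(
    r"^(?P<start>[SRU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:(?P<missing>\[X\])|"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>.*?)\))\s*$"
)

# Heuristic weights: an assumption made for this example, tune to taste.
WEIGHTS = {
    "file missing [X]": 3,
    "random-looking name": 2,
    "no publisher": 2,
    "boot/system start": 1,
    "\\??\\ device path": 1,
}


@dataclass
class Entry:
    start: str                # S0..S4 = stopped, R0..R4 = running, U = unknown
    name: str
    path: str
    missing: bool             # FRST printed [X]: file not found on disk
    publisher: Optional[str]  # None when missing; "" when FRST printed ()


def parse_entries(log: str) -> List[Entry]:
    """Pull service/driver entries out of an FRST log; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                start=m["start"],
                name=m["name"].strip(),
                path=m["path"],
                missing=m["missing"] is not None,
                publisher=m["publisher"],
            ))
    return entries


def looks_random(name: str) -> bool:
    """Coarse check for generated names: 7+ lowercase letters with fewer than 25% vowels."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.25


def reasons_for(entry: Entry) -> List[str]:
    """Heuristic hits for one entry; keys match WEIGHTS."""
    reasons = []
    if entry.missing:
        reasons.append("file missing [X]")
    if looks_random(entry.name):
        reasons.append("random-looking name")
    if entry.publisher == "":
        reasons.append("no publisher")
    if entry.start in ("S0", "S1", "R0", "R1"):
        reasons.append("boot/system start")
    if entry.path.startswith("\\??\\"):
        reasons.append("\\??\\ device path")
    return reasons


def triage(log: str, threshold: int = 4):
    """Return (score, name, reasons) for entries at or above threshold, highest first."""
    hits = []
    for entry in parse_entries(log):
        reasons = reasons_for(entry)
        total = sum(WEIGHTS[r] for r in reasons)
        if total >= threshold:
            hits.append((total, entry.name, reasons))
    return sorted(hits, reverse=True)


# Sample input: a subset of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S1 cqnkcwly; \??\C:\Windows\system32\drivers\cqnkcwly.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
"""

if __name__ == "__main__":
    for total, name, reasons in triage(SAMPLE_LOG):
        print(f"{total:2d}  {name:<16} {', '.join(reasons)}")
```

On the sample only the cqnkcwly entry clears the threshold: the file is gone, the name is eight lowercase letters with no vowels, it is registered for system start, and the image path uses the "\??\" form. The Run entries (HKLM\...\Run) could be scored the same way with a second regex, since FRST uses the same [X] and (publisher) conventions there.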
09.06.2015, 20:30 | #42
/// TB-Ausbilder
Hi,

Hmm, I don't see anything there. Run FRST in repair mode again, this time ticking ListBCD. Then click Scan. Post the log file.
10.06.2015, 08:56 | #43
Hello Matthias, here is the log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-06-2015
Ran by SYSTEM on MININT-5SO7D58 on 10-06-2015 08:56:54
Running from i:\
Platform: Windows Vista (TM) Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-11] (Realtek Semiconductor)
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)
HKLM\...\Run: [PCMMediaSharing] => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)
HKLM\...\Run: [PCTools FGuard] => C:\Program Files\PC Tools Security\BDT\FGuard.exe [108496 2010-09-24] (Threat Expert Ltd.)
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [318464 2008-01-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] => C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\RunOnce: [RUN] => C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\sandraundjörg\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Cor
poration)
HKU\sandraundjörg\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\sandraundjörg\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\sandraundjörg\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\sandraundjörg\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(N~1.SCR [187392 2006-10-19] ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink)
S2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 Browser Defender Update Service; C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [235472 2010-09-24] (Threat Expert Ltd.)
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [498096 2010-05-02] (REINER SCT)
S2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784 2008-03-04] (Egis Incorporated)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
S3 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1145304 2010-09-29] (PC Tools)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [244040 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [53192 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296200 2013-08-09] (SafeNet Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co.
KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2010-10-01] (AVM Berlin) S1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28208 2010-02-08] (REINER SCT) S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [926080 2010-10-01] (AVM GmbH) S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.) S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.) S2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [237632 2010-08-18] (PC Tools) S0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools) S0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [656320 2010-07-16] (PC Tools) S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S1 cqnkcwly; \??\C:\Windows\system32\drivers\cqnkcwly.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-05 10:36 - 2015-06-05 10:36 - 00000000 ____D C:\Temp 2015-05-27 10:43 - 2015-05-27 10:43 - 00000000 ____D C:\Users\sandraundjörg\AVM_Driver(657) 2015-05-27 02:03 - 2015-05-27 02:03 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\DriverCure 2015-05-26 09:11 - 2015-05-26 09:11 - 00000000 ____D C:\TDSSKiller_Quarantine 2015-05-25 10:19 - 2015-05-25 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-25 10:17 - 2015-05-25 11:17 - 00000000 ____D C:\Users\sandraundjörg\Desktop\mbar 2015-05-24 19:25 - 2015-05-24 19:25 - 00000601 _____ C:\Users\sandraundjörg\Desktop\aswMBR.txt 2015-05-23 20:09 - 2015-05-23 20:10 - 00000000 ___SD C:\ComboFix 2015-05-23 19:26 - 2015-05-23 20:06 - 00000000 ____D C:\Qoobox 2015-05-23 17:26 - 2015-05-23 20:09 - 00000000 ___SD C:\32788R22FWJFW 2015-05-22 14:16 - 2015-06-10 08:56 - 00000000 ____D C:\FRST 2015-05-21 13:09 - 2015-05-21 13:09 - 00000000 ____D C:\ProgramData\Emsisoft 2015-05-21 12:59 - 2015-05-23 07:42 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2015-05-21 12:12 - 2015-05-25 10:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-05-19 08:47 - 2015-05-28 09:30 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-05-19 08:47 - 2015-05-19 08:47 - 00000000 ____D C:\Program Files\Mozilla Firefox(274) 2015-05-14 02:22 - 2015-04-30 17:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll 2015-05-14 02:17 - 2015-04-19 22:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2015-05-14 02:17 - 2015-04-19 22:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2015-05-14 02:17 - 2015-04-19 22:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2015-05-14 02:17 - 2015-04-19 22:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2015-05-14 02:17 - 2015-04-19 21:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2015-05-14 02:17 - 
2015-04-19 21:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2015-05-14 02:17 - 2015-04-19 21:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2015-05-14 02:17 - 2015-04-19 21:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2015-05-14 02:17 - 2015-04-19 21:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2015-05-14 02:17 - 2015-04-19 05:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2015-05-14 02:16 - 2015-04-30 14:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 02:03 - 2015-04-11 00:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\System32\services.exe 2015-05-13 08:58 - 2015-04-10 15:06 - 01214976 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2015-05-13 08:58 - 2015-04-10 15:06 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2015-05-13 08:58 - 2015-04-10 15:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2015-05-13 08:58 - 2015-04-10 15:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2015-05-13 08:58 - 2015-04-10 15:05 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll 2015-05-13 08:58 - 2015-04-10 15:04 - 06007808 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2015-05-13 08:58 - 2015-04-10 15:04 - 00630784 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll 2015-05-13 08:58 - 2015-04-10 15:04 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2015-05-13 08:58 - 2015-04-10 15:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2015-05-13 08:58 - 2015-04-10 15:04 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 11084800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2015-05-13 08:58 - 
2015-04-10 15:03 - 02006016 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2015-05-13 08:58 - 2015-04-10 15:03 - 00727552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2015-05-13 08:58 - 2015-04-10 15:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2015-05-13 08:58 - 2015-04-10 15:02 - 00348160 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2015-05-13 08:58 - 2015-04-10 15:02 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2015-05-13 08:58 - 2015-04-10 15:02 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll 2015-05-13 08:58 - 2015-04-10 07:45 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2015-05-13 08:58 - 2015-04-10 06:01 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2015-05-13 08:58 - 2015-04-10 06:01 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2015-05-13 08:58 - 2015-04-10 05:59 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2015-05-13 08:58 - 2015-04-10 05:58 - 01638912 _____ 
(Microsoft Corporation) C:\Windows\System32\mshtml.tlb ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-09 08:16 - 2010-10-17 13:17 - 02009041 _____ C:\Windows\WindowsUpdate.log 2015-06-09 07:53 - 2008-01-21 08:16 - 01566088 _____ C:\Windows\System32\PerfStringBackup.INI 2015-06-09 07:46 - 2010-11-13 10:53 - 00000000 ____D C:\ProgramData\TEMP 2015-06-09 07:46 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-09 07:46 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-09 07:45 - 2008-01-21 03:47 - 10438502 _____ C:\Windows\PFRO.log 2015-06-06 05:32 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\LogFiles 2015-05-28 14:35 - 2013-12-05 17:50 - 00000000 ____D C:\Program Files\StarMoney 9.0 2015-05-28 09:33 - 2011-12-27 10:00 - 00000000 ____D C:\Program Files\RegClean Pro 2015-05-28 09:31 - 2013-08-03 10:36 - 00000000 ____D C:\Windows\AVM_Driver 2015-05-28 09:31 - 2010-10-17 14:20 - 00000000 ____D C:\users\sandraundjörg 2015-05-28 09:31 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew 2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 __RSD C:\Windows\Media 2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool 2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc 2015-05-28 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE 2015-05-28 09:31 - 2006-11-02 11:22 - 57147392 _____ C:\Windows\System32\config\software_previous 2015-05-28 09:31 - 2006-11-02 11:22 - 41680896 _____ C:\Windows\System32\config\components_previous 2015-05-28 09:31 - 2006-11-02 11:22 - 181927936 _____ C:\Windows\System32\config\system_previous 2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\security_previous 
2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\sam_previous 2015-05-28 09:31 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\System32\config\default_previous 2015-05-28 09:30 - 2014-09-27 09:02 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\wolllottes landhof 2015-05-28 09:30 - 2014-07-02 08:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-05-28 09:30 - 2014-05-28 10:36 - 00000000 ____D C:\Users\sandraundjörg\Downloads\USB-Massenspeichergerät 8afe585d7ea8f76c3493e6ab9e30bc64 2015-05-28 09:30 - 2014-05-28 10:17 - 00000000 ____D C:\Users\sandraundjörg\Downloads\NVIDIA nForce RAID Controller 127f0242f81f9db1db277494d760daa9 2015-05-28 09:30 - 2014-01-14 19:45 - 00000000 ____D C:\Users\sandraundjörg\{d17a6dc5-6f6b-43ab-8001-415173969a3f} 2015-05-28 09:30 - 2014-01-08 13:06 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\Wolllotte 2015-05-28 09:30 - 2013-08-03 10:37 - 00000000 ____D C:\Program Files\avmwlanstick 2015-05-28 09:30 - 2013-08-03 10:36 - 00000000 ____D C:\Users\sandraundjörg\AVM_Driver 2015-05-28 09:30 - 2012-11-01 10:16 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\CorelDRAW Graphics Suite X4 2015-05-28 09:30 - 2012-01-22 11:26 - 00000000 ____D C:\Users\sandraundjörg\Desktop\EBOOKS 2015-05-28 09:30 - 2012-01-19 19:46 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\FinalMediaPlayer 2015-05-28 09:30 - 2012-01-19 19:46 - 00000000 ____D C:\Program Files\File Type Assistant 2015-05-28 09:30 - 2012-01-19 19:44 - 00000000 ____D C:\Program Files\Free Offers from Freeze.com 2015-05-28 09:30 - 2011-12-27 10:00 - 00000000 ____D C:\Users\sandraundjörg\AppData\Roaming\Systweak 2015-05-28 09:30 - 2011-12-27 07:32 - 00000000 ____D C:\Users\sandraundjörg\Desktop\Musik 2015-05-28 09:30 - 2011-08-30 05:54 - 00000000 ____D C:\Program Files\iLivid 2015-05-28 09:30 - 2011-04-06 09:09 - 00000000 ____D C:\Users\sandraundjörg\Desktop\Jörg 2015-05-28 09:30 - 2010-12-18 17:49 - 00000000 ____D 
C:\Users\sandraundjörg\AppData\Local\Babylon 2015-05-28 09:30 - 2010-12-03 13:05 - 00000000 ____D C:\Users\sandraundjörg\Downloads\German_v1.4.1 2015-05-28 09:30 - 2010-10-17 18:18 - 00000000 ___RD C:\Users\sandraundjörg\Desktop\LOGOPÄDIE 2015-05-28 09:30 - 2008-03-21 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-28 09:30 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-28 09:29 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration 2015-05-28 09:02 - 2014-04-28 05:16 - 00000680 _____ C:\Users\sandraundjörg\AppData\Local\d3d9caps.dat 2015-05-27 10:43 - 2013-08-03 10:37 - 00016886 _____ C:\Windows\AVMInstall.Log 2015-05-27 09:37 - 2013-08-03 10:37 - 00074116 _____ C:\Windows\avmacc.log 2015-05-27 09:37 - 2013-08-03 10:37 - 00005779 _____ C:\Windows\avmsetup.log 2015-05-27 09:37 - 2013-08-03 10:37 - 00000467 _____ C:\Windows\avmadd32.log 2015-05-26 09:17 - 2010-10-17 14:21 - 00099664 _____ C:\Users\sandraundjörg\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-22 08:50 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-05-22 07:25 - 2013-08-16 07:22 - 00000000 ____D C:\Windows\System32\MRT 2015-05-21 12:03 - 2015-04-25 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox(332) 2015-05-19 15:43 - 2006-11-02 13:52 - 00139752 _____ C:\Windows\setupact.log 2015-05-19 14:01 - 2015-04-28 14:01 - 00001374 _____ C:\Users\sandraundjörg\Desktop\Registry kostenlos entrümpeln!.lnk 2015-05-19 11:25 - 2014-01-13 20:38 - 00000439 _____ C:\Windows\System32\Drivers\etc\hosts.ics 2015-05-18 11:56 - 2010-10-27 10:55 - 00035428 _____ C:\Users\sandraundjörg\AppData\Roaming\wklnhst.dat 2015-05-14 02:46 - 2006-11-02 13:47 - 00370056 _____ C:\Windows\System32\FNTCACHE.DAT 2015-05-14 02:39 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer 2015-05-14 02:23 - 2010-11-13 11:02 - 02836924 _____ C:\Windows\System32\Drivers\Cat.DB 2015-05-14 02:08 - 2006-11-02 11:24 - 137310008 _____ (Microsoft Corporation) 
C:\Windows\System32\mrt.exe 2015-05-11 13:32 - 2012-01-22 12:01 - 00000000 ____D C:\Users\sandraundjörg\Documents\My Digital Editions Some files in TEMP: ==================== C:\Users\sandraundjörg\AppData\Local\Temp\avgnt.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2015-05-14 02:03] - [2015-04-11 00:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=C: path \bootmgr description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {d39123e0-0b5e-11e5-9f64-cd386026226f} device partition=F: path \Windows\system32\winload.exe description Windows (TM) Code Name "Longhorn" Preinstallation Environment (wiederhergestellt) locale en-US osdevice partition=F: systemroot \Windows winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \Windows\system32\winload.exe description Microsoft Windows Vista locale de-DE inherit {bootloadersettings} osdevice partition=C: systemroot \Windows resumeobject {e9c3e7f1-f78a-11dc-a212-90612996df6e} nx OptIn Wiederaufnahme aus dem Ruhezustand 
---------------------------------- Bezeichner {e9c3e7f1-f78a-11dc-a212-90612996df6e} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=C: path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes Windows-Legacybetriebssystem-Ladeprogramm ----------------------------------------- Bezeichner {ntldr} device unknown path \ntldr description Frhere Windows-Version EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 4095.23 MB Available physical RAM: 3417 MB Total Pagefile: 4093.51 MB Available Pagefile: 3434.23 MB Total Virtual: 2047.88 MB Available Virtual: 1967.99 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:293.33 GB) (Free:225.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (53_01_59) (Fixed) (Total:186.27 GB) (Free:63.15 GB) NTFS Drive e: (DATA) (Fixed) (Total:293.08 GB) (Free:292.89 GB) NTFS Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.03 GB) NTFS Drive g: (Reparaturdatenträger Windows 7 3) (CDROM) 
(Total:0.14 GB) (Free:0 GB) UDF Drive h: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:927.68 GB) NTFS Drive i: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4CD01D16) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=293.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=293.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 186.3 GB) (Disk ID: 29A5351E) Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: 728699B6) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 960 MB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=960 MB) - (Type=06) LastRegBack: 2015-06-09 08:01 ==================== End of log ============================ |
10.06.2015, 19:40 | #44 |
/// TB-Ausbilder | Probably caught a DHL virus or Trojan Hi, I'll ask internally within the team. |
12.06.2015, 19:58 | #45 |
| Probably caught a DHL virus or Trojan Hello Matthias, Ubuntu works now, how should I proceed? I'm having a small problem handling the data backup. It's a bit much for me right now. Ubuntu had not been loaded correctly. |